Service abuse: Wix redirect through bulk mailer domains

Detects messages containing Wix-encoded links that redirect through bulk mailing service domains, potentially bypassing security controls through legitimate redirect services.

Sublime rule (View on GitHub)

```yaml
name: "Service abuse: Wix redirect through bulk mailer domains"
description: "Detects messages containing Wix-encoded links that redirect through bulk mailing service domains, potentially bypassing security controls through legitimate redirect services."
type: "rule"
severity: "low"
source: |
  type.inbound
  and any(filter(body.links, 'wix' in .href_url.rewrite.encoders),
          .href_url.domain.root_domain in $bulk_mailer_url_root_domains
  )
tags:
  - "Attack surface reduction"
attack_types:
  - "Credential Phishing"
  - "Malware/Ransomware"
tactics_and_techniques:
  - "Evasion"
  - "Open redirect"
detection_methods:
  - "URL analysis"
  - "Sender analysis"
id: "60af216d-6896-58d0-95f0-bc590bd67f92"
```
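As an added example (not part of the Sublime rule or its repository), the rule's MQL predicate re-implemented in Python so it can be exercised offline against constructed link records. The link fields, the simplified root-domain helper and the contents of the bulk-mailer domain list are assumptions that only mirror the names the rule references.

```python
from dataclasses import dataclass, field
from typing import List, Set

# Constructed stand-in for the $bulk_mailer_url_root_domains list; the real
# list's contents are not shown on the page, so these are placeholder entries.
BULK_MAILER_ROOT_DOMAINS: Set[str] = {"bulkmailer-example.com", "newsletter-example.net"}

@dataclass
class Link:
    """One body link, with the fields the rule references (assumed shape)."""
    href: str                                   # href as written in the message body
    encoders: List[str] = field(default_factory=list)  # rewrite services detected, e.g. ["wix"]
    destination_host: str = ""                  # host of the decoded final destination

@dataclass
class Message:
    inbound: bool                               # mirrors type.inbound
    links: List[Link] = field(default_factory=list)

def root_domain(hostname: str) -> str:
    """Simplified stand-in for .href_url.domain.root_domain: registrable domain
    using a tiny hard-coded set of two-label public suffixes instead of the PSL."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in {"co.uk", "com.au", "co.jp"}:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else hostname.lower()

def matches_rule(msg: Message, bulk_domains: Set[str] = BULK_MAILER_ROOT_DOMAINS) -> bool:
    """type.inbound and any(filter(body.links, 'wix' in .href_url.rewrite.encoders),
    .href_url.domain.root_domain in $bulk_mailer_url_root_domains)"""
    if not msg.inbound:
        return False
    wix_links = [l for l in msg.links if "wix" in l.encoders]      # the filter(...) step
    return any(root_domain(l.destination_host) in bulk_domains for l in wix_links)

def run_samples() -> dict:
    """Constructed messages covering the one hit and the three ways to miss."""
    bulk_host = "track.bulkmailer-example.com"
    samples = {
        "wix_to_bulk_mailer": Message(True, [Link("https://wix.example/r", ["wix"], bulk_host)]),
        "plain_link_to_bulk_mailer": Message(True, [Link("https://" + bulk_host, [], bulk_host)]),
        "wix_to_unlisted_domain": Message(True, [Link("https://wix.example/r", ["wix"], "www.example.org")]),
        "outbound_wix_to_bulk_mailer": Message(False, [Link("https://wix.example/r", ["wix"], bulk_host)]),
    }
    return {name: matches_rule(msg) for name, msg in samples.items()}

if __name__ == "__main__":
    for name, hit in run_samples().items():
        print(f"{name}: {'MATCH' if hit else 'no match'}")
```

Only the inbound message whose Wix-encoded link lands on a listed bulk-mailer root domain matches; a direct link to the same domain, a Wix link to an unlisted domain, and an outbound message all fall through, which is the behaviour the rule's filter-then-any structure encodes.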
